News
Seven days of Black Friday madness — great deal from Serverspace!
Serverspace Black Friday
WB
April 21, 2020
Updated June 7, 2023

How to change RDP account password

Windows

One of the good habits of any PC user, and especially a system administrator, is to periodically change account passwords. The main thing is not to forget it later.

How to change password on remote desktop?:

In operating systems of the Microsoft Windows Server family, it is common to use the keyboard shortcut Ctrl + Alt + Del to change the password the problem is that the “three buttons” cannot be used through “Remote Desktop Connection”. Let's see how to change the password anyway.

In Windows Server 2008, this can be done from the Start menu by clicking on “Windows Security”.

 

On the updated screen, select “Change Password”.

Choose "Change password"

Click on "Change a password"

 

We enter the old password and the new one and it's confirmation.

Type your previouse password and type new password twicely

In Windows Server 2012 and Windows Server 2012 R2, the task has become somewhat more complicated.

Open the notebook and write two lines:

set objShell = CreateObject("shell.application")
objshell.WindowsSecurity

We save the file with the extension * .vbs (we write manually.). To do this, select File -> Save as ...

Open the notebook and write two lines

In a new window, select the directory to save the file, for example, Desktop. In the File type, select All files, and in the File name, specify an arbitrary name, for example, 1.vbs.

After saving the file, it is ready for execution. Double-clicking with the left mouse button will bring up a screen in which “Change password” should be selected.

Click on "Change a password"

Further, everything is familiar.

Fill in the fields with the old password, indicate the new password and its confirmation. Click on the arrow icon.

Type your previouse password and type new password twicely

The Windows Server 2016 OS pleases with its attention to the user, but to change the password remotely, you still need to search for this item.

Open the Start menu and click on the user’s icon, select “Change account settings” in the menu that opens.

select “Change account settings” in the menu

In the “Parameters” window that opens, select “Login parameters”, and in the Password section, click on the Change button.

Go to "Sign-in options" and click on "Change"

In a new window, specify the current password and click on the Next button.

Type your current password and confirm it

The window will be updated and ask for a new password, its confirmation, as well as a hint for the password. Click on the button “Next”. As a result, click on the Finish button. The next login will be with a new password.

Type new password twicely and choose password hint

An alternative way

This method is applicable both for changing the password for your account and the accounts of other users.

From the Start menu, select Administration (“Administration Tools” in Windows Server 2016).

select Administration (“Administration Tools” in Windows Server 2016).

In a new window, double-click open “Computer Management”.

Double-click open “Computer Management”.

 

In the left part of the window that opens, open the “Local users and groups” branch and open the Users folder. In the main part of the window, right-click on the user and select “Set Password ...” in the context menu.

elect “Set Password ...” in the context menu.

The system will issue a warning. Having carefully read which and having realized all the risks, click on the “Continue” button. Otherwise, “Cancel."

carefully read which and having realized all the risks, click on the “Continue” button.

In a new window, specify the new password and its confirmation. When finished, click on the OK button.

When finished, click on the OK button.

How to change password on remote desktop with combination CTRL + ALT + END.

To get the combination CTRL + ALT + DEL on remote desktop, you need to press CTRL + ALT + END.
Pressing this combination will open a dialog box for us in which we will have to select "Change password":

Click on "Change a password"

 

To change the password, we will need to provide some data:

Type your previouse password and type new password twicely

 

How to change password on remote desktop using On-Screen keyboard.

When connecting to the desktop remotely, the password can be changed using the on-screen keyboard.
To open the on-screen keyboard, type "On-Screen Keyboard" or "OSK" in the Start menu.

Type "On-Screen Keyboard"

 

After the on-screen keyboard appears, hold down the ALT + CTRL keys and use the mouse to press the Del button.

Hold down the ALT + CTRL keys and use the mouse to press the Del button

 

You will get a dialog box in which you yourself will need to select "Change password":

Click on "Change a password"

 

To change the password, we will need to specify: username, old password and repeat the new password twice:

Type your previouse password and type new password twicely

 

How to change password in RDP session with a VBS script or PowerShell.

To call the password change window using a VBS script, create the WindowsSecurity.vbs file and enter the following lines of code there:

set objShell = CreateObject("shell.application")
objshell.WindowsSecurity

After that, after double-clicking on this VBS script, a dialog box will open in front of you, in which we will need to select "Change password":

Click on "Change a password"

 

To change the password, we will need to specify: username, old password and repeat the new password twice.

Type your previouse password and type new password twicely

 

Also, to open the password change window using PowerShell, open PowerShell itself using the Start menu and use the command:

New-Object -COM Shell.Application).WindowsSecurity()

Type that code in the PowerShell

 

After that, a dialog box will open in front of you, in which we will need to select "Change password":

Click on "Change a password"

 

To change the password, we will need to specify: username, old password and repeat the new password twice.

Type your previouse password and type new password twicely

 

To open the change password dialog box, you can create a shortcut with a link to the Windows Explorer shell extension.

First, create a shortcut and specify the given path for it:

C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}

Create a shortcut and specify the given path for it

 

Next, choose a name for the label and create it:

Choose a name for the label and create it

 

After double-clicking on this shortcut, a dialog box will open in front of you, in which we will need to select "Change password":

Click on "Change a password"

 

To change the password, we will need to specify: username, old password and repeat the new password twice:

Type your previouse password and type new password twicely

 

Change password with Remote Desktop Web Access

In Windows Server 2012 /R2 and later, remote users with Remote Desktop Web Access rights have the ability to reset their password themselves through a special web page on the Remote Desktop Web Access server.

The remote password change functionality is available on the server with the Remote Desktop Web Access role, but this feature is disabled by default.

To enable this feature:
Open the IIS Manager server management console and go to [Name of your Server] - Sites - Default Web Site - RDWeb - Pages and open the Application Settings section.

Open the Application Settings section

 

In the right pane, select the option named "PasswordChangeEnabled" and change its value to "true".

Select the option named "PasswordChangeEnabled" and change its value to "true".

 

To check the availability of the password change page, go to: https://[RD-WEB-1]/RDWeb/Pages/en-US/password.aspx

After successfully changing the user's password, a message should appear:

Your password has been successfully changed.

How to change password in RDP witch CredSSP and NLA

Credential Security Support Provider (CredSSP) is a credential passing protocol used by RDP to protect DDoS attacks and unauthorized process execution.

Network Level Authentication (NLA) is a Remote Desktop Services feature that requires the connecting user to authenticate themselves before establishing a session with the server.

There is one important feature regarding changing an expired user password with RDP, related to the Network Level Authentication (NLA) option and the Credential Security Support Provider (CredSSP) protocol. By default, CredSSP with NLA for RDP is enabled on all versions of Windows starting with Windows Server 2012/Windows 8. NLA secures the RDP server by performing user authentication before establishing an RDP session with the server.

If the user's password has expired, or the user's AD administrator has enabled the option "userAccountControl" - wich requires to change password at first login, then an error will appear when logging in with RDP:

Remote Desktop Connection
You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support.

As a result, the user will not be able to connect to the RDP server and change the password.

In this case, so that the user can change the password himself, you can:

1)  Set up Remote Desktop Web Access (RDWA) with a password change page as in this part of the manual : How to change password with Desktop Web Access

2) Create a separate server for changing user passwords. On this server, you need to disable the NLA function. In this case, users will be able to change the password.

3) The user can change his password remotely with PowerShell - as shown in this part of the tutorial How to change password with VBS-script or with PowerShell

Changing the password on the remote desktop using a special RDP file:

If you want the user to change the password using an .rdp file, then you must match the RDP configuration level security settings on the RDS interface and the server .rdp file prestandard on the client interface.

Try on the client side, open mstsc.exe.
In the start menu, type "mstsc" and select "Remote Desktop Connection":

Type in the start meny "mstsc" and select "Remote Desktop Connection"

Next, we configure all the necessary parameters for connecting to the server.
Click "Show more", enter the IP address of our remote computer and username there, then, using the Save As button, create an RDP file:

Save the file as .rdp

 

After that, open the RDP file with a text editor and add the line at the end of the file:

enablecredsspsupport:i:0

Add a line at the end of the file

 

Explanation: Adding this parameter to the RDP connection properties will allow the client to successfully establish an RDP session with the remote system and change the password before gaining access to the remote desktop. However, this setting will lower the security level of the RDP connection, as the client will not be able to use Network Level Authentication (NLA), which we described earlier in our article.

If NLA is enabled, then the user will not be able to connect and will receive the corresponding error:

 

An example of an error with NLA enabled

The only way to fix this error is to lower the RDP security level on the RDS server side by disabling the mandatory Network Level Authentication (NLA) requirement.

Important!

We do not recommend doing this if your remote computer may be subject to DDoS attacks and unauthorized processes.

To change this setting, on a remote computer, in the start menu, enter "Control Panel":

 

Enter in the start menu "Control Panel"

Next, go to "System and Security":

Go to "System and Security"

 

After that go to "System":

Go to the "System" menu

 

We open the window that appeared in full screen and select "Advanced system settings": "Allow connections only from ...":

Select "Advanced system settings"

 

We will have a window with "System Properties", go to the part with "Remote Access" and uncheck the box "Allow connections only from ...", then click "Apply" and "OK":

Select "Advanced system settings"

 

After we have disabled the NLA function on the RDP server side, the client, using a special RDP file, can successfully establish an RDP session and change the password in it:

Select "Reset password"

Type old password and new password twicely

 

 

After that you will be able to connect with the new password.

So, we have considered all possible ways to change the account password with RDP.

Vote:
4 out of 5
Аverage rating : 4.3
Rated by: 4
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.